-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Doesn't work under Win2012R2 #22
Comments
I strongly suspect issue #14 is the culprit for you. Windows Server 2012 R2 will log event 4625 when an RDP logon fails, however it will not log an IP address. Without an IP address the event sink will simply return. To verify the event sink is receiving events add a "WScript.Echo" at line 325. You should see the event sink called each time an event 4625 happens. |
I'm sure I read somewhere that there was a way to force DNS addresses to appear even though SSL was being enforced. I'll relook over the weekend and post my findings (I had the problem on an old server and managed to get it to work before but I can't remember how this was done offhand). |
@SgtOddball DId you find anything? |
What did you see, SgtOddball??? |
Sorry I haven't had the chance to follow up on this, i've been upto my eyeballs in a new job which has taken me off managing servers. I might have time to look further over the christmas break but it just depends on what i've got going on. |
You can modify group policy Remote Desktop Session Host \ Security \ Set client connection encryption level to Client Compatible and modify Remote Desktop Session Host \ Security \ Require use of specific security layer for remote (RDP) connections to Security Layer RDP. Force gpupdate on TS after applying group policy to computer OU This will allow ts_block to work. |
This got fixed in Server 2016. |
As a clarification (in lieu of actually taking the time to update the documentation) of behavior and compatibility: Windows Server 2019, 2016, 2008 R2, 2008, 2003 R2, and 2003 all work fine with this code. Windows Server 2012 and 2012 R2, when using the TLS/SSL security layer (which is the default), do not log the IP address of the client so there's no way for ts_block to take action. Verbose discussion at: #14 |
I did use this script for a long time under Win2008. But now, under Win2012 it does nothing. In Debugmode it is waiting in busy-loop but no event is noticed.
It looks like that the Select Statement is no longer valid.
The text was updated successfully, but these errors were encountered: